Thursday, June 13, 2024

Mobile Spyware Maker mSpy Leaked Millions of Sensitive Data Online in Plain Text

A leading mobile spyware maker mSpy leaked more than a million paying customers including kids and partners high sensitive data online.

mSpy is a brand of mobile and computer parental control monitoring software for iOS,  Android, Windows, and macOS. mSpy monitors and logs user activity on the client device.

Leaked data contains millions of users including passwords, call logs, text messages, contacts, notes, and location data.

These all the data has been collected secretly from kids, loved one and company employees from the different organization.

An online open mspy database has been discovered by a security researcher Nitish Shah that contains the username, password and private encryption key of each mSpy customer.

In this case, he tried to alert the company of his findings, but the company’s support personnel ignored him.

These sensitive data belongs to each mSpy customer who logged in to the mSpy site or purchased a mSpy license over the past six months.
Accoring to krebs on security, the database included the Apple iCloud username and authentication token of mobile devices running mSpy, and what appear to be references to iCloud backup files.
Anyone who stumbled upon this database also would have been able to browse the Whatsapp and Facebook messages uploaded from mobile devices equipped with mSpy.

Different records uncovered incorporated the exchange points of interest of all mSpy licenses bought in the course of the most recent a half year, including customer name, email address, street number and sum paid. Likewise in the informational collection were mSpy user logs from browser and Internet address data of individuals visiting the mSpy Web website.

Andrew,  mSpy’s chief security officer said“We have been working hard to secure our system from any possible leaks, attacks, and private information disclosure,”

“All our customers’ accounts are securely encrypted and the data is being wiped out once in a short period of time.”

This is a second-time mSpy Failed to protect their customer within 3 years and the 1st breach has been reported on 2015.

Website

Latest articles

Microsoft Windows Ntqueryinformationtoken Flaw Let Attackers Escalate Privileges

Microsoft has disclosed a critical vulnerability identified as CVE-2024-30088.With a CVSS score of 8.8, this flaw affects Microsoft...

256,000+ Publicly Exposed Windows Servers Vulnerable to MSMQ RCE Flaw

Cybersecurity watchdog Shadowserver has identified 256,000+ publicly exposed servers vulnerable to a critical Remote...

Indian National Jailed For Hacked Servers Of Company That Fired Him

An Indian national was sentenced to two years and eight months in jail for...

JetBrains Warns of GitHub Plugin that Exposes Access Tokens

A critical vulnerability (CVE-2024-37051) in the JetBrains GitHub plugin for IntelliJ-based IDEs (2023.1 and...

Critical Flaw In Apple Ecosystems Let Attackers Gain Unauthorized Access

Hackers go for Apple due to its massive user base along with rich customers,...

Hackers Exploiting Linux SSH Services to Deploy Malware

SSH and RDP provide remote access to server machines (Linux and Windows respectively) for...

Firefox 127 Released With patch for 15 Vulnerabilities

Mozilla has released Firefox 127, addressing 15 security vulnerabilities, some of which have been...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles